You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by ram <ra...@netcore.co.in> on 2007/06/21 16:31:50 UTC

sa-update for multiple servers

I have been using SA 3.1.5 with RDJ for my updates all this while. 
Now I wish to SA 3.2 with  sa-update instead of RDJ 

I have around 20 servers running spamassassin for our clients. Till now
I have been pulling rules from SARE on one machine into a http area and
then all other machines pull from there

Because I didnt want all my servers connecting simultaneously to SARE
and get the AUTOBAN , especially since some servers are behind the same
gateway


Do I need to do the same for sa-update too. How can I do this ? Or
should all servers simply do a sa-update



Thanks
Ram

Re: sa-update for multiple servers

Posted by Theo Van Dinter <fe...@apache.org>.

On Thu, Jun 21, 2007 at 08:01:50PM +0530, ram wrote:
> Do I need to do the same for sa-update too. How can I do this ? Or
> should all servers simply do a sa-update

IMO, you can either a) create your own internal channel and everyone
can use that, or b) just run using the public channels.

It really depends what you want to do.  I'd imagine that for 20 machines it
doesn't matter, but if you had a large number of machines, the channel
providers would prefer you to download their data and make it available
internally.

-- 
Randomly Selected Tagline:
"Come on Marc, let's call the help desk and ask for some information about
 recompilng /dev/null ...  I mean, I want it dynamically linked..."
                      - Theo talking to Marc Behr

Re: sa-update for multiple servers

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.

ram wrote:
> On Thu, 2007-06-21 at 17:31 +0000, Duane Hill wrote:
>> On Thu, 21 Jun 2007, Jason Frisvold wrote:
>>
>>> On 6/21/07, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
>>>> I'd just use sa-update on all of them.  You could do sa-update on one
>>>> and then rsync the files around, though, if you wanted.
>>> If you're daring, you can try an NFS mount as well.  Although, with
>>> either of these (rsync or nfs), doesn't SA need to be restarted or at
>>> least HUPed to read the new rules files?
>> Yes. Otherwise, spamd would still be using the previously loaded rules.
>>
>> I'm not sure if the OP is using sa-compile or not. I would assume the 
>> compiled rule could be transfered over to other servers as well. Thus, 
>> avoiding the running of sa-compile on every server used. Not sure, though. 
>> I only have two servers and just run everything separately myself.
> 
> 
> Hi I am using Spamassassin as a module in MailScanner
> If I dont risk getting blacklisted for too many queries , I would run
> sa-update on all servers. Anyway I think I have to restart MailScanner
> on update 

Neither Theo or I have a problem with you running sa-update on 20 
machines, so if you're only using the updates.spamassassin.org channel 
or any of the sa-update.dostech.net channels, have at it.

Daryl

Re: sa-update for multiple servers

Posted by ram <ra...@netcore.co.in>.

On Thu, 2007-06-21 at 17:31 +0000, Duane Hill wrote:
> On Thu, 21 Jun 2007, Jason Frisvold wrote:
> 
> > On 6/21/07, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
> >> I'd just use sa-update on all of them.  You could do sa-update on one
> >> and then rsync the files around, though, if you wanted.
> >
> > If you're daring, you can try an NFS mount as well.  Although, with
> > either of these (rsync or nfs), doesn't SA need to be restarted or at
> > least HUPed to read the new rules files?
> 
> Yes. Otherwise, spamd would still be using the previously loaded rules.
> 
> I'm not sure if the OP is using sa-compile or not. I would assume the 
> compiled rule could be transfered over to other servers as well. Thus, 
> avoiding the running of sa-compile on every server used. Not sure, though. 
> I only have two servers and just run everything separately myself.


Hi I am using Spamassassin as a module in MailScanner
If I dont risk getting blacklisted for too many queries , I would run
sa-update on all servers. Anyway I think I have to restart MailScanner
on update 

Thanks
Ram

Re: sa-update for multiple servers

Posted by Duane Hill <d....@yournetplus.com>.

On Thu, 21 Jun 2007, Jason Frisvold wrote:

> On 6/21/07, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
>> I'd just use sa-update on all of them.  You could do sa-update on one
>> and then rsync the files around, though, if you wanted.
>
> If you're daring, you can try an NFS mount as well.  Although, with
> either of these (rsync or nfs), doesn't SA need to be restarted or at
> least HUPed to read the new rules files?

Yes. Otherwise, spamd would still be using the previously loaded rules.

I'm not sure if the OP is using sa-compile or not. I would assume the 
compiled rule could be transfered over to other servers as well. Thus, 
avoiding the running of sa-compile on every server used. Not sure, though. 
I only have two servers and just run everything separately myself.

Re: sa-update for multiple servers

Posted by Jason Frisvold <xe...@gmail.com>.

On 6/21/07, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
> I'd just use sa-update on all of them.  You could do sa-update on one
> and then rsync the files around, though, if you wanted.

If you're daring, you can try an NFS mount as well.  Although, with
either of these (rsync or nfs), doesn't SA need to be restarted or at
least HUPed to read the new rules files?

> Daryl

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
http://blog.godshell.com

Re: sa-update for multiple servers

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.

ram wrote:
> I have been using SA 3.1.5 with RDJ for my updates all this while. 
> Now I wish to SA 3.2 with  sa-update instead of RDJ 
> 
> I have around 20 servers running spamassassin for our clients. Till now
> I have been pulling rules from SARE on one machine into a http area and
> then all other machines pull from there
> 
> Because I didnt want all my servers connecting simultaneously to SARE
> and get the AUTOBAN , especially since some servers are behind the same
> gateway
> 
> 
> Do I need to do the same for sa-update too. How can I do this ? Or
> should all servers simply do a sa-update

I'd just use sa-update on all of them.  You could do sa-update on one 
and then rsync the files around, though, if you wanted.

Daryl

RE: Spam getting thru

Posted by Leonardo Magallon <lm...@itsinc.com>.

Symantec Mail Security replaced Message Body with this text message.  The original text contained prohibited content and was quarantined.

ID:SERVER4::SYQ80c801f5

RE: Spam getting thru

Posted by Leonardo Magallon <lm...@itsinc.com>.

Symantec Mail Security replaced Message Body with this text message.
The original text contained prohibited content and was quarantined.

ID:SERVER4::SYQ7e40e8fe

RE: Spam getting thru

Posted by Leonardo Magallon <lm...@itsinc.com>.

Symantec Mail Security replaced Message Body with this text message.  The original text contained prohibited content and was quarantined.

ID:SERVER4::SYQ7e80bbc7

Re: Spam getting thru

Posted by ram <ra...@netcore.co.in>.

On Thu, 2007-06-21 at 09:47 -0500, Leonardo Magallon wrote:
> Hi, 
>   My server is having a problem with spamd using a lot of resources( spamd
> startup script is using -m 5 ) and a lot of spam is getting thru.   The
> installation is new using CentOS 5, spamassasin 3.1.8 and I am using
> RulesDuJour ( I deleted the blacklist.cf and blacklist related rules to
> alleviate load).  
> 
> Sometimes the spam doesn't even get the Spam assassin rules as the following
> email header shows:
> 
> Return-Path: <sa...@silverfour.com>
> Delivered-To: myemail@mydomain.com
> Received: (qmail 25345 invoked by uid 89); 21 Jun 2007 14:05:02 -0000
> Delivered-To: webmaster@mydomain.com
> Received: (qmail 25338 invoked by uid 89); 21 Jun 2007 14:05:02 -0000
> Received: by simscan 1.3.1 ppid: 24712, pid: 24721, t: 600.9127s
>          scanners: attach: 1.3.1 clamav: 0.90.1-exp/m: spam: 3.1.8
> Received: from unknown (HELO dxv146.internetdsl.tpnet.pl) (83.14.47.146)
>   by www.mydomain.com with SMTP; 21 Jun 2007 13:55:01 -0000
> Received-SPF: pass (www.mydomain.com: SPF record at silverfour.com
> designates 83.14.47.146 as permitted sender)
> Message-ID: <4d...@dxv146.internetdsl.tpnet.pl>
> From: "Sales" <sa...@silverfour.com>
> To: "Grazini Valentina" <we...@mydomain.com>
> Subject: Queens of the Stone Age: Rockin' Rulers
> Date: Thu, 21 Jun 2007 13:54:49 +0000
> MIME-Version: 1.0
> Content-Type: text/plain;
>         format=flowed;
>         charset="Windows-1252";
>         reply-type=original
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2527
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> 
> 
> Is this behavior correct?
> 

I think this should be in the FAQ. Follow the standard recommendations

* Use RBL's at the MTA to reject the mail ( we use zen.spamhaus and
DSBL ) That saves a *LOT* of processing 

* Use a local caching DNS 

* Check valid recipient , valid sender domain etc at the MTA 

* if using SPF do it at the MTA 

* If still it doesnt work get better hardware, Buying 2GB ram is much
cheaper than wasting 2hrs every day trying to deal with load IMHO 



Thanks
Ram

Also when posting to a list do not start off by replying to an unrelated
thread 










> Thanks.

Spam getting thru

Posted by Leonardo Magallon <lm...@itsinc.com>.

Hi, 
  My server is having a problem with spamd using a lot of resources( spamd
startup script is using -m 5 ) and a lot of spam is getting thru.   The
installation is new using CentOS 5, spamassasin 3.1.8 and I am using
RulesDuJour ( I deleted the blacklist.cf and blacklist related rules to
alleviate load).  

Sometimes the spam doesn't even get the Spam assassin rules as the following
email header shows:

Return-Path: <sa...@silverfour.com>
Delivered-To: myemail@mydomain.com
Received: (qmail 25345 invoked by uid 89); 21 Jun 2007 14:05:02 -0000
Delivered-To: webmaster@mydomain.com
Received: (qmail 25338 invoked by uid 89); 21 Jun 2007 14:05:02 -0000
Received: by simscan 1.3.1 ppid: 24712, pid: 24721, t: 600.9127s
         scanners: attach: 1.3.1 clamav: 0.90.1-exp/m: spam: 3.1.8
Received: from unknown (HELO dxv146.internetdsl.tpnet.pl) (83.14.47.146)
  by www.mydomain.com with SMTP; 21 Jun 2007 13:55:01 -0000
Received-SPF: pass (www.mydomain.com: SPF record at silverfour.com
designates 83.14.47.146 as permitted sender)
Message-ID: <4d...@dxv146.internetdsl.tpnet.pl>
From: "Sales" <sa...@silverfour.com>
To: "Grazini Valentina" <we...@mydomain.com>
Subject: Queens of the Stone Age: Rockin' Rulers
Date: Thu, 21 Jun 2007 13:54:49 +0000
MIME-Version: 1.0
Content-Type: text/plain;
        format=flowed;
        charset="Windows-1252";
        reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527


Is this behavior correct?

Thanks.